Remote administration of COM+ through a firewall

Goal: Administer COM+ applications on remote computers.

Problem: Windows firewall on the remote computer blocks the connection.

Solution: Set up the firewall to accept dynamic RPC ports.

The most relevant article to this topic is available here.

I searched Google for an hour, and could not find anywhere that somebody had documented how to set up a firewall to allow remote administration of COM+ Applications. The Component Services snap-in lets you add another computer. If that computer has the basic Windows Firewall active, you will not be able to connect to or see anything on the other computer. This is indicated by a nice red arrow on the icon for the remote computer.

Component Services uses dynamic RPC ports to communicate with other computers. The article describes how to restrict the ports that RPC uses.

I used the rpccfg.exe tool from the resource kit. A link to download it is in the support article. This is run on the remote PC. I used it to restrict RPC to ports 5001-5100.

The next problem was how to tell the Windows Firewall to allow these ports through from the administration PC. Windows Firewall does not allow port ranges in the exceptions. Powershell to the rescue! The following Powershell script set up exceptions for each port:

PS C:\> 5001..5100 | % { `
netsh firewall add portopening `
protocol = TCP port = $_ `
name = "Remote admin RPC $_" `
scope = CUSTOM addresses =}
  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: